Techniques
Sample rules
Process Launched Without Image Name
- source: sigma
- techniques:
Description
Detects processes launched from an image that has no base name (a file named just ".exe"), which can be used to evade Image-based detections.
Detection logic
condition: selection
selection:
  Image|endswith: \.exe